mkimage-arch.sh: /dev/ setup redundant? haveged not needed anymore? #28431

Closed
czka opened this Issue Nov 15, 2016 · 4 comments

czka commented Nov 15, 2016

1. /dev/ setup.

mkimage-arch.sh does the following:

mknod -m 666 $DEV/null c 1 3
mknod -m 666 $DEV/zero c 1 5
mknod -m 666 $DEV/random c 1 8
mknod -m 666 $DEV/urandom c 1 9
mkdir -m 755 $DEV/pts
mkdir -m 1777 $DEV/shm
mknod -m 666 $DEV/tty c 5 0
mknod -m 600 $DEV/console c 5 1
mknod -m 666 $DEV/tty0 c 4 0
mknod -m 666 $DEV/full c 1 7
mknod -m 600 $DEV/initctl p
mknod -m 666 $DEV/ptmx c 5 2

Whereas a `docker run' (v. 1.12.3) creates the following on its own:

crw-------  1 root root 136,   2 Nov  8 21:48 console
lrwxrwxrwx  1 root root       11 Nov  8 21:29 core -> /proc/kcore
lrwxrwxrwx  1 root root       13 Nov  8 21:29 fd -> /proc/self/fd
crw-rw-rw-  1 root root   1,   7 Nov  8 21:29 full
crw-rw-rw-  1 root root  10, 229 Nov  8 21:29 fuse
drwxrwxrwt  2 root root       40 Nov  8 21:29 mqueue
crw-rw-rw-  1 root root   1,   3 Nov  8 21:29 null
lrwxrwxrwx  1 root root        8 Nov  8 21:29 ptmx -> pts/ptmx
drwxr-xr-x  2 root root        0 Nov  8 21:29 pts
crw-rw-rw-  1 root root   1,   8 Nov  8 21:29 random
drwxrwxrwt  2 root root       40 Nov  8 21:29 shm
lrwxrwxrwx  1 root root       15 Nov  8 21:29 stderr -> /proc/self/fd/2
lrwxrwxrwx  1 root root       15 Nov  8 21:29 stdin -> /proc/self/fd/0
lrwxrwxrwx  1 root root       15 Nov  8 21:29 stdout -> /proc/self/fd/1
crw-rw-rw-  1 root root   5,   0 Nov  8 21:29 tty
crw-rw-rw-  1 root root   1,   9 Nov  8 21:29 urandom
crw-rw-rw-  1 root root   1,   5 Nov  8 21:29 zero

So it seems that mkimage-arch.sh creates most of the devices for no purpose, right? Only tty0 and initctl are missing in Docker's default /dev. FWIW, on my Arch Linux machine initctl is a link to /run/systemd/initctl/fifo:

lrwxrwxrwx 1 root root 25 11-04 09:19 /dev/initctl -> /run/systemd/initctl/fifo
prw------- 1 root root 0 11-04 09:19 /run/systemd/initctl/fifo

systemd will not normally run on a Docker container. So maybe /dev/initctl still needs to be created manually? What about /dev/tty0? Any thoughts welcome.

2. Is haveged still necessary?

I have built a rather big number of Arch Linux Docker images using my https://github.com/czka/archlinux-docker, using latest Arch Linux bootstrap tarballs, and "pacman-key --init" ran fine at each build without having to start haveged in advance, to provide more entropy. Am I just lucky, or could the script drop haveged as well? Or maybe there is a good reason to use haveged anyway?
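Added example (not part of the original post or of mkimage-arch.sh): a shell check that compares the script's mknod/mkdir lines with the `docker run` listing quoted above and reports each entry as redundant, missing, or present with a different type or device number. The Docker listing is abridged to the entries the script also names; the function names and status labels are this example's own.

```shell
#!/bin/sh
# Constructed input: the mknod/mkdir lines quoted from mkimage-arch.sh above.
SCRIPT_NODES='mknod -m 666 $DEV/null c 1 3
mknod -m 666 $DEV/zero c 1 5
mknod -m 666 $DEV/random c 1 8
mknod -m 666 $DEV/urandom c 1 9
mkdir -m 755 $DEV/pts
mkdir -m 1777 $DEV/shm
mknod -m 666 $DEV/tty c 5 0
mknod -m 600 $DEV/console c 5 1
mknod -m 666 $DEV/tty0 c 4 0
mknod -m 666 $DEV/full c 1 7
mknod -m 600 $DEV/initctl p
mknod -m 666 $DEV/ptmx c 5 2'
# Constructed input: the container /dev listing above, abridged.
DOCKER_DEV='crw-------  1 root root 136,   2 Nov  8 21:48 console
crw-rw-rw-  1 root root   1,   7 Nov  8 21:29 full
crw-rw-rw-  1 root root   1,   3 Nov  8 21:29 null
lrwxrwxrwx  1 root root        8 Nov  8 21:29 ptmx -> pts/ptmx
drwxr-xr-x  2 root root        0 Nov  8 21:29 pts
crw-rw-rw-  1 root root   1,   8 Nov  8 21:29 random
drwxrwxrwt  2 root root       40 Nov  8 21:29 shm
crw-rw-rw-  1 root root   5,   0 Nov  8 21:29 tty
crw-rw-rw-  1 root root   1,   9 Nov  8 21:29 urandom
crw-rw-rw-  1 root root   1,   5 Nov  8 21:29 zero'

# compare_dev: print "<name> <status>" for every entry the script creates.
compare_dev() {
  printf '%s\n---\n%s\n' "$DOCKER_DEV" "$SCRIPT_NODES" | awk '
    $0 == "---" { phase = 2; next }
    phase != 2 {                      # ls -l line: record type (+ major minor)
      t = substr($1, 1, 1)
      if (t == "c") { sub(/,/, "", $5); have[$10] = "c " $5 " " $6 }
      else          { have[$9] = t }
      next
    }
    {                                 # mknod/mkdir line from the script
      name = $4; sub(/^.*\//, "", name)
      if ($1 == "mkdir")  want = "d"
      else if ($5 == "c") want = "c " $6 " " $7
      else                want = $5
      if (!(name in have))         st = "missing"
      else if (have[name] == want) st = "redundant"
      else st = "differs (script: " want "; docker: " have[name] ")"
      print name, st
    }'
}
# nodes_with STATUS: space-separated names that have the given status.
nodes_with() { compare_dev | awk -v s="$1" '$2 == s { o = o sep $1; sep = " " } END { print o }'; }
compare_dev
```

On the listings above this reports tty0 and initctl as missing, and console and ptmx as present but different: Docker's console is a pts device (136, 2) rather than 5, 1, and its ptmx is a symlink to pts/ptmx rather than a 5, 2 node.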

terencewestphal Feb 5, 2017

@czka I am afraid you're just lucky. I have tried your archlinux-docker image and sometimes it works perfectly without haveged, but most of the time it hangs on pacman-key --init. Of course, this is not a fault in your Dockerfile, but rather because the virtual build server I used was lacking the entropy.

I was really hoping we could do without haveged. Is there an alternative you know of?

czka Feb 5, 2017

> Is there an alternative you know of?

Nope. I'll add haveged to my Dockerfile. Thanks a ton for letting me know.

czka referenced this issue in czka/archlinux-docker Feb 5, 2017: add haveged call to Dockerfile #4 (Closed)

czka May 29, 2017

@terencewestphal

I'm back and have added haveged to my Dockerfile. Could you give it a whirl if you are still interested? It's on branch hack_haveged_in.

thaJeztah May 30, 2017

Member

Let me close this issue for housekeeping because it's not really a bug report, but feel free to continue the discussion and/or open a pull-request if the script needs updating 👍

thaJeztah closed this May 30, 2017